Virtual assistants will become a popular target for protestors, warns Gartner

New research has predicted that the easy-to-use nature of virtual assistants makes them a prime target for protestors - and this will increasingly lead to attempts to shut down contact centres as a way of objecting against businesses. 

Conducted by Gartner, the report explains how these citizen-led denial of service (cDoS) attacks disrupt customer support operations by overwhelming companies with traffic.

Whilst DoS attacks have been prominent for years, they were previously exclusively the domain of hackers – meaning they were more infrequent.

Citizen-led denial of service attacks, on the other hand, are a new type of denial of service – led by average people, not hackers – and performed through virtual assistants.

Due to the proliferation of virtual assistants, the report goes on to state that by 2026, cDoS attacks will become the fastest-growing form of protest worldwide.

These latest findings are indicative of a trend that has seen protests against businesses and organisations growing increasingly digital in recent years.

Most of us have been privy to examples of people taking to social media to complain about/call out brands, with Twitter proving particularly popular in this regard due to the ability to tag brand’s accounts.

However, this latest development is a step further – with people looking to actively damage companies’ day-to-day operations, not just their reputations.

Indeed, in 2021 there were at least 9.84 million denial of service attacks – a 14% increase from 2019 – with the direct aim of shutting down organisations’ websites and communication channels.

The rise of the virtual assistant

There is no denying that virtual assistants are becoming more and more common-place in contemporary society, with smartphone-based programmes like Siri and smart speakers like Alexa being perhaps the most popular.

As these programmes become more normalised, they are unintentionally vastly enhancing the potential of denial of service attacks.

Virtual assistants allow for a significantly easier way for protesters to disrupt organisations by flooding their customer support channels like phone lines, email, chat and interactive voice response (IVR) systems.

By 2024, citizens will shut down a major global enterprise company’s contact centre through DoS attacks launched by virtual assistants.

According to one forecast, 8.4 billion virtual assistants will be in use by 2024, up from 3.25 billion in 2019. As these devices become more sophisticated, customers will increasingly use them to contact companies on their behalf, both for legitimate business – for example, ordering a pizza – but also as a form of protest.

In fact, the scalability of virtual personal assistants – technology that increasingly sounds human, but that will not grow impatient waiting for someone to pick up – is very likely to overwhelm systems designed for customer service.

These concerns are so grave, that the report actually predicts that by 2024, citizens will shut down a major global enterprise company’s contact centre through denial of service attacks launched by virtual assistants.

How can companies protect themselves

With the report revealing such worrying findings, companies will undoubtedly be seeking ways to protect themselves against these attacks.

Not only do they cause the obvious issue of brand reputation damage, due to customers being unable to contact them or access their websites, there will also be severe financial implications.

Take, for example, an attack shutting down a major customer contact centre for a day – or even just occupying a chatbot or IVR with fake traffic. Either could cost a large business hundreds of thousands of dollars in operational expenses, lost productivity, customer churn and long-term brand impact.

As companies look to combat these disruptions, perhaps the most obvious question that they will be asking is: ‘why isn’t this illegal?’.

Whilst cDoS attacks certainly violate various international policies and laws, the current debate surrounding the subject is whether or not they constitute a form of free speech.

Unfortunately for companies, this is a debate that will only become more complicated – potentially even resulting in the need for new legislation – when these attacks are inevitably perpetrated by citizens focused on social issues as opposed to maliciously motivated hackers.

Until that debate is finalised and legal measures are introduced, companies will need to take things into their own hands.

Report authors, Emily Potosky and Eric Keller, provide the following recommendations to help companies respond to these technology-enabled protests:

• Identify when and how a cDoS attack would be most likely to occur. Protestors are likely to stage these attacks after bad press, a controversial new announcement, or during times of high contact volume when an attack would be most disruptive.
• Speak with your chief information security officer and technology partners (e.g., carriers, ISPs, SaaS providers, etc.) to flag cDoS as a concern and explore leveraging existing technologies that help with DoS attacks.
• Accelerate investment in cloud/VoIP technology, because vendors of these technologies have features that offer protections against DoS attacks.
• Work with operations, IT, communications, legal and product leaders to create a business plan and get it up and running as soon as possible; some examples include promoting alternative channels like social media, and sending proactive communications to high-value customers.